from PLC.Parameter import Parameter, Mixed
from PLC.Filter import Filter
from PLC.Persons import Person, Persons
+from PLC.Sites import Site, Sites
from PLC.Auth import Auth
hidden_fields = ['password', 'verification_key', 'verification_expires']
Users and techs may only retrieve details about themselves. PIs
may retrieve details about themselves and others at their
- sites. Admins may retrieve details about all accounts.
+ sites. Admins and nodes may retrieve details about all accounts.
"""
- roles = ['admin', 'pi', 'user', 'tech']
+ roles = ['admin', 'pi', 'user', 'tech', 'node']
accepts = [
Auth(),
def call(self, auth, person_filter = None, return_fields = None):
# If we are not admin, make sure to only return viewable accounts
- if 'admin' not in self.caller['roles']:
+ if isinstance(self.caller, Person) and \
+ 'admin' not in self.caller['roles']:
# Get accounts that we are able to view
valid_person_ids = [self.caller['person_id']]
if 'pi' in self.caller['roles'] and self.caller['site_ids']:
else:
return_fields = self.return_fields.keys()
+ # Must query at least person_id, site_ids, and role_ids (see
+ # Person.can_view() and below).
+ if return_fields is not None:
+ added_fields = set(['person_id', 'site_ids', 'role_ids']).difference(return_fields)
+ return_fields += added_fields
+ else:
+ added_fields = []
+
persons = Persons(self.api, person_filter, return_fields)
# Filter out accounts that are not viewable
- if 'admin' not in self.caller['roles']:
+ if isinstance(self.caller, Person) and \
+ 'admin' not in self.caller['roles']:
persons = filter(self.caller.can_view, persons)
+ # Remove added fields if not specified
+ if added_fields:
+ for person in persons:
+ for field in added_fields:
+ del person[field]
+
return persons